hwdsl2
1fb5c5be8c
New Libreswan version
- Use new Libreswan version 4.10.
Ref: https://lists.libreswan.org/pipermail/swan-announce/2023/000049.html
2023-03-01 08:53:03 -06:00
hwdsl2
3f12b9583b
Update Alpine Linux versions
- Add Alpine Linux 3.17 and remove 3.15.
2023-02-11 23:08:37 -06:00
hwdsl2
dc32e28f47
Cleanup
2023-01-13 00:36:49 -06:00
hwdsl2
c356a75bca
Update docs
2023-01-04 18:58:29 -06:00
hwdsl2
4174ffa3ef
Improve VPN setup
- Improve download of VPN helper scripts during setup.
Note: https://github.com/hwdsl2/setup-ipsec-vpn/raw/master/extras/ ...
redirects to
https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/ ...
Use the latter directly so that Wget can reuse the same connection
for all 3 helper scripts.
- For Ubuntu 18.04, improve download of NSS packages and add fallback URLs.
2022-10-22 23:55:06 -05:00
hwdsl2
28d1f494f0
New Libreswan version
- Use new Libreswan version 4.9.
- Compilation of Libreswan 4.9 on Ubuntu 18.04 requires newer
versions of NSS packages. They are installed in a similar way
as apply_ubuntu1804_nss_fix in ikev2setup.sh.
Ref: https://github.com/libreswan/libreswan/issues/892
2022-10-21 00:10:58 -05:00
hwdsl2
3dc675ba37
Add client validity option
- For IKEv2 mode, add a new variable VPN_CLIENT_VALIDITY for specifying
the client certificate validity period (in months). Must be an integer
between 1 and 120. Default value is 120. Users can define it as an
environment variable when setting up IKEv2 in auto mode, or when
adding a new IKEv2 client using "--addclient".
2022-10-16 00:45:45 -05:00
hwdsl2
ed359619bb
Cleanup
2022-10-10 00:29:25 -05:00
hwdsl2
bd291e91a1
Cleanup
2022-10-07 00:19:00 -05:00
hwdsl2
6e596825e2
Improve VPN ciphers
- Improve security by removing support for modp1536 (DH group 5),
which is less secure and rarely used by VPN clients. To do this,
we specify modp2048 on the "ike=" line in ipsec.conf.
2022-09-30 01:11:18 -05:00
hwdsl2
025387df91
Improve VPN ciphers
- Improve security by removing support for modp1024 (DH group 2),
which is less secure and no longer enabled in Libreswan by default.
- The native VPN client on Android devices uses modp1024 for the
IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. After this change,
Android users should instead connect using IKEv2 mode (recommended).
2022-09-29 22:52:40 -05:00
hwdsl2
cc99e18123
Cleanup
2022-09-24 18:56:27 -05:00
hwdsl2
32faed40d5
Improve IP check
- Instead of finding the server's public IP, use the IP address
on the default route if it is not a private IP. This makes VPN
setup slightly faster by skipping IP detection.
- Add a fallback URL for finding the server's public IP.
- Cleanup
2022-09-24 00:58:16 -05:00
hwdsl2
c5df950ea2
Improve VPN setup
- Continue VPN setup (instead of exiting) if fail2ban fails to install.
2022-09-09 23:53:13 -05:00
hwdsl2
6a525c6c10
Optimize TCP buffers
- Improve VPN performance by tuning TCP buffer sizes.
2022-09-07 23:29:10 -05:00
hwdsl2
d2e9b5ff91
Cleanup
2022-08-27 21:51:19 -05:00
hwdsl2
56078b0a1e
Add an option to skip IKEv2 setup
- Add an option to skip IKEv2 setup when installing the IPsec VPN.
Example: sudo VPN_SKIP_IKEV2=yes sh vpn.sh
- This allows users to set up an IKEv1-only VPN, or install IKEv2
interactively using "sudo ikev2.sh" after VPN setup.
2022-08-27 15:59:43 -05:00
hwdsl2
35969d2bbb
Update Alpine Linux versions
- Add Alpine Linux 3.16 and remove 3.14.
2022-06-19 22:41:21 -05:00
hwdsl2
d36c435c95
Improve IPsec config
- IKEv2 mode uses retransmit-timeout instead of dpdtimeout.
- Increase timeouts from 120s to 300s, so that the VPN server can
keep the VPN connection open if the client's network is unstable.
2022-06-15 00:28:21 -05:00
hwdsl2
0e24f8b086
Cleanup
2022-06-09 13:44:16 -05:00
hwdsl2
593f726c80
Cleanup
2022-06-07 22:48:40 -05:00
hwdsl2
41d37e808e
Cleanup
2022-06-07 00:37:31 -05:00
hwdsl2
7b9813d562
Cleanup
2022-05-27 01:12:37 -05:00
hwdsl2
5f1f444a8f
New Libreswan version
- Use new Libreswan version 4.7.
Ref: https://lists.libreswan.org/pipermail/swan-announce/2022/000047.html
2022-05-25 23:57:30 -05:00
hwdsl2
c2a01e966c
Cleanup
2022-05-22 00:36:47 -05:00
hwdsl2
a0f2345c3b
Improve subnet check
- Improve check for custom VPN subnets.
Ref: 95d9fc4
2022-05-16 21:43:56 -05:00
hwdsl2
62d85490de
Improve VPN setup
- On Alpine Linux, update crontabs when uninstalling the VPN.
These cron jobs are for restarting the ipsec service on failure.
Ref: 15d8651
2022-05-13 09:26:08 -05:00
hwdsl2
95d9fc4e03
Add subnet check
- Add a check for custom VPN subnets. Those can only be specified
during initial VPN install.
Ref: 1834b79
2022-05-10 08:47:59 -05:00
hwdsl2
c66ca577f3
Update links
- Update links due to git.io deprecation.
Ref: https://github.blog/changelog/2022-04-25-git-io-deprecation/
2022-04-29 22:32:22 -05:00
hwdsl2
b2626dc921
Cleanup
2022-04-27 00:05:45 -05:00
hwdsl2
24ce5bedd8
Cleanup
2022-04-23 00:30:26 -05:00
hwdsl2
9458735d2c
Improve Libreswan check
2022-04-23 00:07:46 -05:00
hwdsl2
15d8651f08
Update Alpine script
- Restart ipsec service on failure on Alpine Linux.
Ref: 7f2fa159a7
- Cleanup
2022-04-17 15:25:20 -05:00
hwdsl2
a1ab13d9a9
Improve VPN setup
- Add fallback URLs for improved reliability
2022-04-11 22:36:43 -05:00
hwdsl2
742e43ffcd
Cleanup
2022-03-18 21:52:20 -05:00
hwdsl2
d182d9651a
Improve VPN setup
- Download the add/delete VPN user helper scripts during setup,
so users can use them directly without manual download.
2022-03-13 15:03:28 -05:00
hwdsl2
a891b7613c
Fix for Alpine Linux
- Fix IPsec service on Alpine Linux. Fixes #1123.
- Clean up unneeded /etc/rc.local code for this OS.
2022-03-12 23:55:32 -06:00
hwdsl2
46a83e4f9f
Cleanup
2022-03-08 21:17:16 -06:00
hwdsl2
e5703d8aaa
Cleanup
2022-03-07 21:29:13 -06:00
hwdsl2
40859c5f7f
Improve VPN setup
- Display a message if IKEv2 is already set up on the VPN server.
2022-03-06 22:41:29 -06:00
hwdsl2
b6c54c316f
Improve VPN setup
- Skip Libreswan install if it has already been installed recently.
2022-03-06 22:36:20 -06:00
hwdsl2
6f4080bab4
Improve VPN setup
- Refactor VPN scripts to move IKEv2 setup inside vpnsetup_*.sh
2022-03-03 22:05:09 -06:00
hwdsl2
a4e452e9df
Cleanup
2022-02-23 00:08:45 -06:00
hwdsl2
2bb938416c
Cleanup
2022-01-29 12:35:51 -06:00
hwdsl2
c04d056be6
Cleanup
2022-01-29 01:28:56 -06:00
hwdsl2
5b1377dcf3
Cleanup
2022-01-22 21:34:53 -06:00
hwdsl2
9022caf9f4
Improve VPN setup
- Retrieve latest supported Libreswan version before install
- Cleanup
2022-01-22 21:31:55 -06:00
hwdsl2
2ffad259af
New Libreswan version
- Use new Libreswan version 4.6.
- Libreswan 4.6 contains a fix for CVE-2022-23094. See the following
links for more information.
https://lists.libreswan.org/pipermail/swan-announce/2022/000046.html
https://libreswan.org/security/
2022-01-11 22:20:57 -06:00
hwdsl2
4403c9c241
Update Alpine scripts
- Install nss, nss-tools and nss-dev from 3.14/3.15 repository.
It is not necessary to install from edge because the latest
3.14/3.15 nss related packages are already patched to fix
CVE-2021-43527.
Ref: https://git.alpinelinux.org/aports/tree/community/nss?h=3.15-stable
https://git.alpinelinux.org/aports/tree/community/nss?h=3.14-stable
603b198
2022-01-05 19:33:08 -06:00
hwdsl2
c25baaf9a9
Cleanup
2022-01-04 23:01:14 -06:00